d). The VPS's network access was suspended and c=
ustomer<br>
=C2=A0 =C2=A0 contacted.<br>
<br>
=C2=A0 =C2=A0 It was later determined that a user account on the VPS had be=
en<br>
=C2=A0 =C2=A0 accessed starting 3 days ago, via an SSH dictionary attack. T=
he<br>
=C2=A0 =C2=A0 attacker installed another copy of the SSH dictionary attack<=
br>
=C2=A0 =C2=A0 software and set it going. We do not believe that root access=
<br>
=C2=A0 =C2=A0 was obtained.<br>
<br>
The amount of detail would vary because we may only become aware of<br>
a compromise when the customer's VPS itself starts perpetrating<br>
abusive activity, and then we rely on the customer to investigate<br>
why that is.<br>
<br>
If the customer is unable/unwilling to do this then we may never<br>
know why their VPS began misbehaving. We don't examine customer data<br=
>
unless given permission to do so, and even then this is often too<br>
time-consuming to undertake on an unpaid basis. I would consider the<br>
above an example of the maximum amount of detail we would go into.<br>
<br>
No identifying information regarding the affected customer would be<br>
shared. We already share non-identifying information similar to the<br>
above to peers within the industry to aid deterrence and detection<br>
of future abuses.<br>
<br>
Would this sort of posting be welcomed or would it be unwelcome<br>
noise? If the consensus is that it would be unwelcome noise then I<br>
may create a new list specifically for it, but I would rather not do<br>
so as then that is just another list that we have to raise awareness<br>
of.<br>
<br>
Please also note that those with an extremely low tolerance for<br>
email noise may wish to quit this list and instead join the<br>
"announce" list, as it contains only announcements from BitFolk w=
ith<br>
no customer discussion whatsoever:<br>
<br>
=C2=A0 =C2=A0 <a href=3D"
https://lists.bitfolk.com/mailman/listinfo/announc=
e" target=3D"_blank">
https://lists.bitfolk.com/mailman/listinfo/announce</a=
><br>
=C2=A0 =C2=A0 <a href=3D"
http://lists.bitfolk.com/lurker/list/announce.html=
" target=3D"_blank">
http://lists.bitfolk.com/lurker/list/announce.html</a><=
br>
<br>
(just 19 threads this year)<br>
<br>
Thoughts?<br>
<br>
Cheers,<br>
Andy<br>
<br>
--<br>
<a href=3D"
http://bitfolk.com/" target=3D"_blank">
http://bitfolk.com/</a> -=
- No-nonsense VPS hosting<br>
<br></div>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.10 (GNU/Linux)<br>
<br>
iEYEAREDAAYFAlDBUj4ACgkQIJm2TL8VSQsqvACgwIgInU6KIOtadzOhGfxJbzq2<br>
IMwAoKpBPCQW2HYD1Dgs6RPF38QNycai<br>
=3Dxqsl<br>
-----END PGP SIGNATURE-----<br>
<br>_______________________________________________<br>
users mailing list<br>
<a href=3D"
mailto:users@lists.bitfolk.com" target=3D"_blank">users@???=
tfolk.com</a><br>
<a href=3D"
https://lists.bitfolk.com/mailman/listinfo/users" target=3D"_bla=
nk">
https://lists.bitfolk.com/mailman/listinfo/users</a><br>
<br></blockquote></div>
</div>
--20cf3036370534056b04d03b708a--
From ross@??? Fri Dec 07 04:50:08 2012
Received: from illusory.impropriety.org.uk ([2001:ba8:1f1:f21b::2])
by mail.bitfolk.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.72) (envelope-from <ross@???>)
id 1Tgpt1-0007NE-GK
for users@???; Fri, 07 Dec 2012 04:50:07 +0000
Received: from 135.250.69.111.dynamic.snap.net.nz ([111.69.250.135]
helo=[172.20.45.26]) by illusory.impropriety.org.uk with esmtpsa
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72)
(envelope-from <ross@???>) id 1Tgpsz-0002qU-ML
for users@???; Fri, 07 Dec 2012 04:50:06 +0000
Message-ID: <50C17579.6020503@???>
Date: Fri, 07 Dec 2012 17:50:01 +1300
From: Ross Younger <ross@???>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: users@???
References: <20121207021942.GT3867@???>
In-Reply-To: <20121207021942.GT386
